How do I whitelist a domain in office 365?

Office 365 provides protection for your email account with automatic filters that divert suspected spam to a separate folder away from the Inbox. It also has a separate safe sender list that allows senders to be trusted and allow images to be download automatically from the send outs.

While this safeguard is usually helpful, valid emails from companies, colleagues and loved ones may also end up in the spam folder.

Creating a whitelist tells the program which domains it should always allow through and eliminates the possibility of missing legitimate emails. 

 

(New path) Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy.


Holm Security's recommendation is that whitelisting should only be used during a send out and it should be removed in between send outs to make it a safe a process as possible.

  1. In the Microsoft 365 Defender portal, go to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery in the Rules section.

  2. On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:

    • Click Edit icon. Edit.
    • If there are no configured phishing simulations, click Add.
  3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:

    • Sending domain: Expand this setting and enter at least one email address domain (for example, contoso.com) by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries.

  • Sending IP: Expand this setting and enter at least one valid IPv4 address by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries. Valid values are:

    • Single IP: For example, 192.168.1.1.
    • IP range: For example, 192.168.0.1-192.168.0.254.
    • CIDR IP: For example, 192.168.0.1/25.
  • Simulation URLs to allow: Expand this setting and optionally enter specific URLs that are part of your phishing simulation campaign that should not be blocked or detonated by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. You can add up to 10 entries. For the URL syntax format, see URL syntax for the Tenant Allow/Block List.

To remove an existing value, click remove Remove icon. next to the value.

     4. When you're finished, do one of the following steps:

    • First time: Click Add, and then click Close.
    • Edit existing: Click Save and then click Close.

The third-party phishing simulation entries that you configured are displayed on the Phishing simulation tab. To make changes, click Edit icon. Edit on the tab.

 

(Old path) Holm Security's recommendation is that whitelisting should only be used during a send out and it should be removed in between send outs to make it a safe a process as possible. 

  1. You must log in to Office 365 as an admin to add domains to the whitelist.
  2. Click the Admin drop-down box at the top of the screen, select Exchange and click the Mail Flow headline.
  3.  Click the plus sign icon and select Bypass spam filtering from the menu.
  4. Type a name for the rule in the appropriate text box. Something simple such as whitelist suffices.
  5. Select The senders domain is… from the Apply this rule if drop-down box.
  6. Enter the domain you want to allow access. Do not include the entire email address; rather, just include the domain from which it originates, such as gmail.com.
    You can find what domains Holm Security is using in the following article:
    https://support.holmsecurity.com/hc/en-us/articles/115003235789-How-do-I-whitelist-the-reply-to-email-address-
  7. Click OK when you are done.

    The whitelisting is now done and we continue adding our domains to the safe sender list using Office 365 Poweshell. If you are not familiar with Office Powershell you can read about how to get started in the following link: https://docs.microsoft.com/en-us/office365/enterprise/powershell/getting-started-with-office-365-powershell

  8. Connecting to Office 365 Powershell: https://docs.microsoft.com/sv-se/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
  9. Type in one of the following scripts depending on the datacenter used to add trusted domains:


    Sweden, Stockholm:

    $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -TrustedSendersAndDomains "admintools-microsoft3.com",  "admintools-microsoft2.com", "admintools-microsoft.com", "epostadministratoren.se", "eccfo.eu", "eccfo1.eu", "epostadministratoren1.se", "admintools-google1.com", "holmsecurity.com"}


    Malaysia, Kuala Lumpur 

    $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -TrustedSendersAndDomains "credit-card-safetyorg.com" "credit-card-safetyorg1.com", "microsoft-officetools.com", "microsoft-officetools1.com", "office365-admin-console.com", "office365-admin-console1.com", "google-administrator.com", "google-administrator1.com", "holmsecurity.com"}

    This script makes sure that all mailboxes are selected and that our domains are marked as safe for all users.

  10. Make the send out from Security Center.
  11. Type in the following script to remove all trusted domains: 

    $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -TrustedSendersAndDomains @null}

    Notice that this will remove ALL trusted domains.

Remember to follow our recommendations and remove the trusted domains after the send out is complete. 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.